From unknown Sat Aug 16 21:02:18 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#35716 <35716@debbugs.gnu.org>
To: bug#35716 <35716@debbugs.gnu.org>
Subject: Status: Password security bugs in LUKS configuration during
 guided install
Reply-To: bug#35716 <35716@debbugs.gnu.org>
Date: Sun, 17 Aug 2025 04:02:18 +0000

retitle 35716 Password security bugs in LUKS configuration during guided in=
stall=20
reassign 35716 guix
submitter 35716 sirmacik <sirmacik@wioo.waw.pl>
severity 35716 important
tag 35716 security

thanks


From debbugs-submit-bounces@debbugs.gnu.org Mon May 13 11:11:58 2019
Received: (at submit) by debbugs.gnu.org; 13 May 2019 15:11:58 +0000
Received: from localhost ([127.0.0.1]:45946 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hQCcQ-0006qp-E3
	for submit@debbugs.gnu.org; Mon, 13 May 2019 11:11:58 -0400
Received: from eggs.gnu.org ([209.51.188.92]:33823)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <sirmacik@wioo.waw.pl>) id 1hQCaE-0006mg-Vx
 for submit@debbugs.gnu.org; Mon, 13 May 2019 11:09:44 -0400
Received: from lists.gnu.org ([209.51.188.17]:40048)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <sirmacik@wioo.waw.pl>)
 id 1hQCa9-000649-TQ
 for submit@debbugs.gnu.org; Mon, 13 May 2019 11:09:37 -0400
Received: from eggs.gnu.org ([209.51.188.92]:48203)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <sirmacik@wioo.waw.pl>) id 1hQCa8-0007zf-OY
 for bug-guix@gnu.org; Mon, 13 May 2019 11:09:37 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,URIBL_BLOCKED
 autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <sirmacik@wioo.waw.pl>) id 1hQCa7-00062N-Sp
 for bug-guix@gnu.org; Mon, 13 May 2019 11:09:36 -0400
Received: from mail.freearts.agency ([51.68.137.137]:57486)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <sirmacik@wioo.waw.pl>)
 id 1hQCa7-0005v4-CY
 for bug-guix@gnu.org; Mon, 13 May 2019 11:09:35 -0400
Received: from localhost (localhost [127.0.0.1]) (Authenticated sender:
 sirmacik@wioo.waw.pl)
 by mail.freearts.agency (Postcow) with ESMTPSA id B0A3840369
 for <bug-guix@gnu.org>; Mon, 13 May 2019 17:09:23 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wioo.waw.pl; s=dkim;
 t=1557760164; h=from:from:sender:reply-to:subject:subject:date:date:
 message-id:message-id:to:to:cc:mime-version:mime-version:
 content-type:content-type:content-transfer-encoding:in-reply-to:
 references; bh=NrouV7C7YauNrC8HBFUVMq1aKT+x++0bm8qTLNdOwk4=;
 b=j8DCrlfoOyUUfuKXHrW9zEPNjtOlO0o25H2KNpuOyk31CSgHuHmc21LGwfFPBIb6Gjj+QD
 dyN27ulhBAY5LOuhspIRHqiTNnr/VTwrsqdZf8CPBozvNEOS0awk0CCPezZvFT25A3HM8v
 apaev5rvDasHncOTO/9TG24pVkh8QBSsuCwQRKFaSYFFrsjVzL123S8jI1mcULeDyPGOqT
 HP6CjqsnX+hX5xEzYuesMhG6VfvuO9gklN4oXXbqtGkJBNQKGqkMIQfr5cAwa1Qo7uwGkO
 rNUGicI44fDTJVeUtegB25Yrr2jlAHUv1OHRgZNvoPTUOUlPOxE5rro+CzlkaA==
Date: Mon, 13 May 2019 17:09:22 +0200
From: sirmacik <sirmacik@wioo.waw.pl>
To: bug-guix@gnu.org
Subject: Password security bugs in LUKS configuration during guided install 
Message-ID: <20190513150922.GA30339@mail.freearts.agency>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Microsoft Office/14.0 (Windows NT 6.0; Microsoft Outlook
 14.0.4760; Pro)
X-PGP-Key: https://sirmacik.net/dl/wioo.asc
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=wioo.waw.pl;
 s=dkim; t=1557760164; h=from:from:sender:reply-to:subject:subject:date:date:
 message-id:message-id:to:to:cc:mime-version:mime-version:
 content-type:content-type:content-transfer-encoding:in-reply-to:
 references; bh=NrouV7C7YauNrC8HBFUVMq1aKT+x++0bm8qTLNdOwk4=;
 b=TcwtMpUmUe8zt8I33Vvk78HAmp4uaaVDCq3j22u8BqpNweymT8223oHY3PFQSarOTR+3Nt
 m+tTOgqFtsTuemDdXhavQO2bRjtmhItBhae90oesYiBa/AhfqLauHFrv68+XfOZKPGbMXF
 db+bYOjX/07r+49VlDBuja7fqIWlQS+ELCie1D1FS3CLXWXUZPFMzDDNsBcHwQtAg17esR
 7pqqT2BUkC+4UeHEXZ74WLTa/rq0oJAkeXAzGK4SYqHszo0VsIUHjOOmit9GeO8mhP40N+
 T4oYB0O68O2y9n+47t/RoisfThRGuuGhST2JP2+56sL6NNCJU5fMWQQENt8V1w==
ARC-Seal: i=1; s=dkim; d=wioo.waw.pl; t=1557760164; a=rsa-sha256; cv=none;
 b=Z7nzYN6NNkHBS3rl99P9QCvfpalRIfBJwNl4o8Kd2Fp1NwgiWHWBLhMaNrBr+ttMQcNuk5
 nGFf5ZY7Q/9r4ZbKIHK2odpX5jcH4kTjo5hmevwPsrwfNqYnxzuVMkL5hwfNDEWBAkny0S
 y372vCld3ksLlI8Jp5r3vnLW3aU2u7wqSPgUBNoAQGUSYOAsVaLUt4LVNIsw4uk/ITq7Gw
 zGkcJpuCmICY0SZS+XOttYpnQC8IkJIar2+03V8CIeSpaLRPf/5K1aN0JqpYDGJumnWGHC
 mdgkykZ91ewDiKU+piVqZlVVnTbCLRL4fKvay0NoYYCM01nlzziH66FzBc4zlA==
ARC-Authentication-Results: i=1; mail.freearts.agency;
 auth=pass smtp.auth=sirmacik@wioo.waw.pl smtp.mailfrom=sirmacik@wioo.waw.pl
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 51.68.137.137
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Mon, 13 May 2019 11:11:55 -0400
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

Hey Guix

I've asked on IRC if those bugs were known but apparently no, so here
they are:

- during guided installation with LUKS encryption one is not able to
  enter password longer then length of field;
- in the same field password is shown during typing (lets one see bug
  above, characters typed after reaching length of field are simply
  not recorded);

Field with conformation hides typed letters. Due to bug #1 I wasn't
able to check if it works properly.

--
sirmacik
PGP: 0xE0DC81D523891771




From debbugs-submit-bounces@debbugs.gnu.org Tue May 14 00:10:46 2019
Received: (at control) by debbugs.gnu.org; 14 May 2019 04:10:46 +0000
Received: from localhost ([127.0.0.1]:46870 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hQOm5-0000bh-NF
	for submit@debbugs.gnu.org; Tue, 14 May 2019 00:10:46 -0400
Received: from eggs.gnu.org ([209.51.188.92]:58388)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1hQOm3-0000bS-QZ
 for control@debbugs.gnu.org; Tue, 14 May 2019 00:10:44 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:52566)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1hQJQT-0000Yh-U4
 for control@debbugs.gnu.org; Mon, 13 May 2019 18:28:11 -0400
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=34594 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>) id 1hQJQN-0008JM-5a
 for control@debbugs.gnu.org; Mon, 13 May 2019 18:28:01 -0400
Date: Tue, 14 May 2019 00:27:57 +0200
Message-Id: <874l5youqa.fsf@gnu.org>
To: control@debbugs.gnu.org
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
Subject: control message for bug #35716
MIME-version: 1.0
Content-type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

severity 35716 important




From debbugs-submit-bounces@debbugs.gnu.org Tue May 14 05:51:00 2019
Received: (at control) by debbugs.gnu.org; 14 May 2019 09:51:00 +0000
Received: from localhost ([127.0.0.1]:47398 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hQU5M-00056p-84
	for submit@debbugs.gnu.org; Tue, 14 May 2019 05:51:00 -0400
Received: from eggs.gnu.org ([209.51.188.92]:59167)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1hQU5K-00056c-Fa
 for control@debbugs.gnu.org; Tue, 14 May 2019 05:50:58 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:60830)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1hQU5E-0003n2-LZ
 for control@debbugs.gnu.org; Tue, 14 May 2019 05:50:52 -0400
Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=47262 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>) id 1hQU5E-0003ua-5e
 for control@debbugs.gnu.org; Tue, 14 May 2019 05:50:52 -0400
Date: Tue, 14 May 2019 11:50:49 +0200
Message-Id: <875zqd2wli.fsf@gnu.org>
To: control@debbugs.gnu.org
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
Subject: control message for bug #35716
MIME-version: 1.0
Content-type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

tags 35716 security




From debbugs-submit-bounces@debbugs.gnu.org Tue May 14 06:17:39 2019
Received: (at 35716-done) by debbugs.gnu.org; 14 May 2019 10:17:39 +0000
Received: from localhost ([127.0.0.1]:47467 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hQUV9-0007se-8r
	for submit@debbugs.gnu.org; Tue, 14 May 2019 06:17:39 -0400
Received: from eggs.gnu.org ([209.51.188.92]:41504)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1hQUV6-0007sN-Sr
 for 35716-done@debbugs.gnu.org; Tue, 14 May 2019 06:17:37 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:32975)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1hQUV0-000534-ON; Tue, 14 May 2019 06:17:30 -0400
Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=47526 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1hQUV0-0005sM-AD; Tue, 14 May 2019 06:17:30 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: sirmacik <sirmacik@wioo.waw.pl>
Subject: Re: bug#35716: Password security bugs in LUKS configuration during
 guided install
References: <20190513150922.GA30339@mail.freearts.agency>
Date: Tue, 14 May 2019 12:17:28 +0200
In-Reply-To: <20190513150922.GA30339@mail.freearts.agency>
 (sirmacik@wioo.waw.pl's message of "Mon, 13 May 2019 17:09:22 +0200")
Message-ID: <87v9yd1gsn.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 35716-done
Cc: 35716-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi sirmacik,

sirmacik <sirmacik@wioo.waw.pl> skribis:

> I've asked on IRC if those bugs were known but apparently no, so here
> they are:
>
> - during guided installation with LUKS encryption one is not able to
>   enter password longer then length of field;

Good catch!

Commit ef250707d3303d58ae00fe8f461701e7fa788d8a fixes it for the
passphrase, the root password, and user passwords.

> - in the same field password is shown during typing (lets one see bug
>   above, characters typed after reaching length of field are simply
>   not recorded);

This has been addressed recently:
<https://issues.guix.info/issue/35540>.

Thanks for your report!

Ludo=E2=80=99.




From unknown Sat Aug 16 21:02:18 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Tue, 11 Jun 2019 11:24:06 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator